Systems for secure data connections in an aviation environment

ABSTRACT

A secure communication management (SCM) computer device for providing secure data connections in an aviation environment which, includes safety of flight information, is provided. The SCM computer device includes a processor in communication with a memory. The processor is programmed to receive, from a first user computer device, a first data message for a first aircraft. The first data message is in a standardized data format. The processor is also programmed to analyze the first data message for potential cybersecurity threats. If the determination is that the first data message does not contain a cybersecurity threat, the processor is further programmed to convert the first data message into a first data format associated with the first aircraft and transmit the converted first data message to the first aircraft using a first communication protocol associated with the first aircraft.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims the benefit of priorityto U.S. patent application Ser. No. 15/225,397, filed Aug. 1, 2016,entitled “SYSTEM AND METHODS FOR PROVIDING SECURE DATA CONNECTIONS IN ANAVIATION ENVIRONMENT,” the entire contents and disclosure of which areincorporated by reference in its entirety.

BACKGROUND

The field of the present disclosure relates generally to providingsecure data connections in an aviation environment, and, morespecifically, to managing data connections between ground-based computernetworks and a plurality of aircraft.

Aviation platforms and infrastructures consist of many complex,networked, and hierarchical systems that perform various aviationcomputing needs. Some aviation platforms, such as aircraft standalonesystems are migrating to e-Enabled networked aerospace approaches forgreater operational performance efficiencies. The adoption of e-Enabledarchitectures and technologies increases the operational and performanceefficiencies that results from being networked. The e-Enabling ofaircraft systems with aerospace-specific and commercial networkingsolutions, enables communication between systems, across aircraftsystems domain boundaries, and to ground-based systems.

However, the interconnection of aircraft systems domains and improvedability to communicate with on-board and off-board systems increases therisk of current and emerging cybersecurity attacks. Furthermore,different aircraft may use different communication protocols. Thesecommunication protocols may vary between airlines, types of aircraft,locations of individual aircraft, and even between different aircraft ofthe same type. These varying in communication protocols increase therisk of important communications not reaching their destination by beingintercepted or corrupted in transit.

BRIEF DESCRIPTION

In one aspect, a secure communication management (SCM) computer devicefor providing secure data connections in an aviation environment isprovided. The SCM computer device includes a processor in communicationwith a memory. The processor is programmed to receive, from a first usercomputer device, a first data message for a first aircraft. The firstdata message is in a standardized data format. The processor is alsoprogrammed to analyze the first data message for potential cybersecuritythreats. If the determination is that the first data message does notcontain a cybersecurity threat, the processor is further programmed toconvert the first data message into a first data format associated withthe first aircraft and transmit the converted first data message to thefirst aircraft using a first communication protocol associated with thefirst aircraft.

A method for providing secure data connections in an aviationenvironment is provided. The method is implemented using a securecommunication management (SCM) computer device. The SCM computer deviceincludes a processor in communication with a memory. The method includesreceiving, from a first user computer device, a first data message for afirst aircraft. The first data message is in a standardized data format.The method also includes analyzing the first data message for potentialcybersecurity threats. If the determination is that the first datamessage does not contain a cybersecurity threat, the method furtherincludes converting the first data message into a first data formatassociated with the first aircraft and transmitting the converted firstdata message to the first aircraft using a first communication protocolassociated with the first aircraft.

In another embodiment, a system for providing secure data connections inan aviation environment is provided. The system includes an aircraftincluding at least one computer system that communicates via a firstcommunication protocol. The system also includes a secure communicationmanagement (SCM) computer device that includes a processor incommunication with a memory. The SCM computer device is configured toreceive, from a first user computer device, a first data message for theaircraft. The first data message is in a standardized data format. TheSCM computer device is also configured to analyze the first data messagefor potential cybersecurity threats. If the determination is that thefirst data message does not contain a cybersecurity threat, the SCMcomputer device is configured to convert the first data message into afirst data format associated with the aircraft and transmit theconverted first data message to the aircraft using a first communicationprotocol associated with the aircraft.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a block diagram of an example overview of an aviationenvironment in accordance with one embodiment of the present disclosure.

FIG. 2 is a simplified block diagram of an example system for providingsecure data connections in the aviation environment shown in FIG. 1.

FIG. 3 illustrates an example configuration of a client computer deviceshown in FIG. 2, in accordance with one embodiment of the presentdisclosure.

FIG. 4 illustrates an example configuration of the server system shownin FIG. 2, in accordance with one embodiment of the present disclosure.

FIG. 5 is a flowchart illustrating an example of a process of providingsecure data connections in the aviation environment shown in FIG. 1using the system shown in FIG. 2.

FIG. 6 is a diagram of components of one or more example computingdevices that may be used in the system shown in FIG. 2.

DETAILED DESCRIPTION

The implementations described herein relate to systems and methods forproviding secure data connections in an aviation environment and, morespecifically, to managing data connections between ground-based computernetworks and a plurality of aircraft. More specifically, a securecommunication monitoring (“SCM”) computer device, also known as a SCMserver, provides a communication interface between a plurality ofaircraft and ground-based computer systems. The SCM computer devicemonitors communications between the plurality of aircraft and theground-based computer systems for cybersecurity threats, provides securecommunication channels between the plurality of aircraft and theground-based systems, and routes messages between the ground-basedsystems and the plurality of aircraft using a plurality of communicationprotocols corresponding to the plurality of aircraft.

In some embodiments, the SCM computer device monitors communicationtraffic between a plurality of aircraft and one or more ground-basedcomputer systems. The SCM computer device inspects communications fromthe one or more ground-based computer systems and from the plurality ofaircraft to prevent passing on infected or compromised data. In someembodiments, the SCM computer device inspects the payload of one or morepackets in the communication. The SCM computer device may also assemblemessages that are divided over multiple packets to ensure that the datais not compromised or infected. In the example embodiment, the SCMcomputer device monitors communication traffic for aircraft while thecorresponding aircraft is in flight and while the aircraft is on theground, such as at a gate.

In the example embodiments, the SCM computer device acts as a real-timecommunication gateway and establishes one or more secure communicationchannels with each aircraft of the plurality of aircraft. In someembodiments, the SCM computer device establishes multiple securecommunication channels with each aircraft based on the requirements ofthe corresponding aircraft. For example, different models of aircraftmay have different communication requirements. In other examples,different airlines may require different communication protocols and/orformats. This airplane data includes “Safety of Flight” communications.These secure communication channels are required to maintain minimumseparation standards within the allocated radio spectrum. Furthermorethe data transmitted are categorized and prioritized based on regionaland international standards. This data includes information that takeson a heighten level of security that does not tolerate or factor in anacceptable level of data loss. Accordingly, the system is configured forzero data loss. This is in contrast to other network systems, i.e.banking, commerce, entertainment and more, where some loss data can betolerated and factored into the system requirements.

In the example embodiments, the SCM computer device monitors theestablished communication channels for communications from thecorresponding aircraft. When the SCM computer device receives acommunication from an aircraft, the SCM computer device analyzes thecommunication for potential cybersecurity threats. The SCM computerdevice reformats the communication and transmits the communications toits destination. In the example embodiment, SCM computer device storesinformation to identify a plurality of potential cybersecurity threatsin a database. The database of identification information is configuredto be updated on a regular basis to keep on top of the latestcybersecurity developments and discoveries.

The SCM computer device also monitors for communications to each of theaircraft. When the SCM computer device receives a communication for oneof the aircraft, the SCM computer device analyzes the communication forpotential cybersecurity threats. If the communication does not includeany cybersecurity threats, the SCM computer device reformats thecommunication into a format that is associated with the securecommunication channel to the aircraft. Then the SCM computer devicetransmits the communication over the corresponding secure communicationchannel.

If the SCM computer device detects a potential cybersecurity threat in acommunication, the SCM computer device quarantines the communication. Insome embodiments, the SCM computer device may raise an alarm, alert thetransmitter of the potential cybersecurity threat, and/or clean thecommunication before transmitting the cleansed communication to itsdestination. The SCM computer device may also isolate the source of thecommunication The SCM computer device may log infected files for futureanalysis. In some embodiments, the SCM computer device may use trendingto statistically identify threat vectors, so responses can be moved fromlong term analytical responses to real time responses, based onexperience.

In some embodiments, when an aircraft lands, the aircraft transmits aplurality of operational data about the aircraft. For example, theaircraft may connect to a computer system at the gate and transmit theplurality of operational data to the connected computer system. In theseembodiments, the operational data includes information about one or moreflights of the associated aircraft. The plurality of operational datamay be transmitted for later use by the airline or for use by one ormaintenance crews to perform maintenance on the aircraft. In theseembodiments, the SCM computer device receives the plurality ofoperational data from the aircraft for transmission to the airline orthe maintenance crews. In some further embodiments, the SCM computerdevice stores the plurality of maintenance data from multiple aircraft.The SCM computer device may use this stored data to determine one ortrends. Trends may include, but are not limited to, fuel burn whichcould indicate fuel impurities that could be isolated to an airport,country or fuel company; specific regions that may be associated withmalicious cyber activity; specific times that may be associated withmalicious or disruptive cyber activity; specific attacks on specific AirNavigation Service Providers (ANSP) including the FAA; specific airlinesthat have been the target of focused hacking efforts or denial ofservice attacks; and specific aircraft that have been the target offocused hacking efforts or denial of service.

Described herein are computer systems such as the SCM computer devicesand related computer systems. As described herein, all such computersystems include a processor and a memory. However, any processor in acomputer device referred to herein may also refer to one or moreprocessors wherein the processor may be in one computing device or aplurality of computing devices acting in parallel. Additionally, anymemory in a computer device referred to herein may also refer to one ormore memories wherein the memories may be in one computing device or aplurality of computing devices acting in parallel.

As used herein, the term “cybersecurity threat” includes an unauthorizedattempt to gain access to a computer network or system. Cybersecuritythreats, also known as cyber-attacks or cyber-threats, attempt to breachcomputer systems by taking advantage of vulnerabilities in the computersystems. Some cybersecurity threats include attempts to damage ordisrupt a computer network or system. These cybersecurity threats mayinclude, but are not limited to, active intrusions, spy-ware, mal-ware,viruses, and worms. Cybersecurity threats may take many paths (alsoknown as attack paths) to breach a system. These paths may includeoperating system attacks, misconfiguration attacks, application levelattacks, and shrink wrap code attacks. Cybersecurity threats may beintroduced by individuals or systems directly accessing the computersystem or remotely via a communications network.

As used herein, a processor may include any programmable systemincluding systems using micro-controllers, reduced instruction setcircuits (RISC), application specific integrated circuits (ASICs), logiccircuits, and any other circuit or processor capable of executing thefunctions described herein. The above examples are example only, and arethus not intended to limit in any way the definition and/or meaning ofthe term “processor.”

As used herein, the term “database” may refer to either a body of data,a relational database management system (RDBMS), or to both. As usedherein, a database may include any collection of data includinghierarchical databases, relational databases, flat file databases,object-relational databases, object oriented databases, and any otherstructured collection of records or data that is stored in a computersystem. The above examples are example only, and thus are not intendedto limit in any way the definition and/or meaning of the term database.Examples of RDBMS's include, but are not limited to including, Oracle®Database, MySQL, IBM® DB2, Microsoft® SQL Server, Sybase®, andPostgreSQL. However, any database may be used that enables the systemsand methods described herein. (Oracle is a registered trademark ofOracle Corporation, Redwood Shores, Calif.; IBM is a registeredtrademark of International Business Machines Corporation, Armonk, N.Y.;Microsoft is a registered trademark of Microsoft Corporation, Redmond,Wash.; and Sybase is a registered trademark of Sybase, Dublin, Calif.)

In one embodiment, a computer program is provided, and the program isembodied on a computer readable medium. In an example embodiment, thesystem is executed on a single computer system, without requiring aconnection to a server computer. In a further embodiment, the system isbeing run in a Windows® environment (Windows is a registered trademarkof Microsoft Corporation, Redmond, Wash.). In yet another embodiment,the system is run on a mainframe environment and a UNIX® serverenvironment (UNIX is a registered trademark of X/Open Company Limitedlocated in Reading, Berkshire, United Kingdom). The application isflexible and designed to run in various different environments withoutcompromising any major functionality. In some embodiments, the systemincludes multiple components distributed among a plurality of computingdevices. One or more components may be in the form ofcomputer-executable instructions embodied in a computer-readable medium.

As used herein, an element or step recited in the singular and proceededwith the word “a” or “an” should be understood as not excluding pluralelements or steps, unless such exclusion is explicitly recited.Furthermore, references to “example embodiment” or “one embodiment” ofthe present disclosure are not intended to be interpreted as excludingthe existence of additional embodiments that also incorporate therecited features.

As used herein, the terms “software” and “firmware” are interchangeable,and include any computer program stored in memory for execution by aprocessor, including RAM memory, ROM memory, EPROM memory, EEPROMmemory, and non-volatile RAM (NVRAM) memory. The above memory types areexample only, and are thus not limiting as to the types of memory usablefor storage of a computer program.

Furthermore, as used herein, the term “real-time” refers to at least oneof the time of occurrence of the associated events, the time ofmeasurement and collection of predetermined data, the time to processthe data, and the time of a system response to the events and theenvironment. In the embodiments described herein, these activities andevents occur substantially instantaneously.

The systems and processes are not limited to the specific embodimentsdescribed herein. In addition, components of each system and eachprocess can be practiced independent and separate from other componentsand processes described herein. Each component and process also can beused in combination with other assembly packages and processes.

FIG. 1 illustrates a block diagram of an example overview of an aviationenvironment 100 in accordance with one embodiment of the presentdisclosure. Aviation environment 100 includes a plurality of aircraft102, 104, and 106, which are in communication with a ground controller108. In the example embodiment, aircraft 102 and 104 are in-flight andaircraft 106 is at a gate 110. In some embodiments, in-flight aircraft102 and 104 communicate with ground controller 108 through a cellularconnection. In other embodiments, aircraft 102 communicates with groundcontroller 108 through satellite 112. In the example embodiment,aircraft 106 communicates with ground controller 108 through gate 110.In some embodiments, the connection to gate 110 is via a wirelessconnection. In other embodiments, the connection is a direct wiredconnection between aircraft 106 and gate 110. Gate 110 then relays databetween ground controller 108 and aircraft 106. Gate 110 may communicatewith ground controller 108 through the Internet through many interfacesincluding, but not limited to, at least one of a network, such as theInternet, a LAN, a WAN, an integrated services digital network (ISDN), adial-up-connection, a digital subscriber line (DSL), a cellular phoneconnection, a satellite connection, and a cable modem.

In the some embodiments, communication between gate 110 and aircraft 106is more desirable for large exchanges of information than thecommunication between in-flight aircraft 102 and 104 and groundcontroller 108. In these embodiments, critical information iscommunicated while aircraft 102 and 104 are in-flight, while generalinformation is communicated once the aircraft is connected to a low-costconnection on the ground, such as at gate 110. For example,communication with aircraft 106 at gate 110 may be less expensive thancommunication while aircraft 102 and 104 is in flight. Gate basedcommunication may also have higher bandwidth, faster speed, improvedclarity, and different security than in-flight communication. Inaddition, the attributes of the communication with in-flight aircraft102 and 104 may change based on the location of the correspondingaircraft 102 and 104, the weather patterns, and other phenomena that canaffect communication and data transfer.

In the example embodiment, ground controller is also in communicationwith a plurality of user computer devices 114. Each of the plurality ofuser computer devices 114 is a different service or system that isconfigured to communicate with aircraft 102, 104, and 106. For example,user computer device 114 may be associated with an airline, amaintenance crew, a weather information system, an internet provider, anavigation system, a flight control system, and/or one or more othersystems that need to communicate with an aircraft for its proper andreliable operation.

FIG. 2 is a simplified block diagram of an example system 200 forproviding secure data connections in aviation environment 100 shown inFIG. 1. In the example embodiment, system 200 is used for monitoringcommunications for cyber-security threats and attacks, identifyingdetected cybersecurity threats and attacks, converting communicationformats between different systems, and ensuring proper communicationprotocols are used between different systems. In addition, system 200 isa cyber-security monitoring system that includes a secure communicationmanagement (SCM) computer device 212 (also known as a SCM server)configured to monitor for cybersecurity threats and provide securecommunications. As described below in more detail, SCM server 212 isconfigured to receive, from a user computer device 222, a data messagefor aircraft 102 (shown in FIG. 1). The data message is in astandardized data format. SCM server 212 is also configured to analyzethe data message for potential cybersecurity threats. If the analysis isthat the data message does not contain a cybersecurity threat, SCMserver 212 is further configured to convert the data message into a dataformat associated with aircraft 102 and transmit the converted datamessage to aircraft 102 using a communication protocol associated withaircraft 102.

In the example embodiment, client systems 214 are computers that includea web browser or a software application, which enables client systems214 to communicate with SCM server 212 via cellular communication,satellite communication, the Internet, or a Wide Area Network (WLAN). Insome embodiments, client systems 214 are communicatively coupled to SCMserver 212 through many interfaces including, but not limited to, atleast one of a network, such as the Internet, a LAN, a WAN, or anintegrated services digital network (ISDN), a dial-up-connection, adigital subscriber line (DSL), a cellular phone connection, a satelliteconnection, and a cable modem. Client systems 214 can be any devicecapable of accessing a network, such as the Internet, including, but notlimited to, a desktop computer, a laptop computer, a personal digitalassistant (PDA), a cellular phone, a smartphone, a tablet, a phablet, orother web-based connectable equipment. In the example embodiment, clientsystems 214 are computer systems included on aircraft 102, 104, and 106(shown in FIG. 1). In some embodiments, client systems 214 are computerdevices that control the operation of aircraft 102, 104, and 106.

In some embodiments, client systems 214 are known as line replaceableunits (LRU). These client systems 214 include, but are not limited to,flight deck controls (Electronic Flight Bag), avionics data (satellitecommunication (SATCOM), Aircraft Communications Addressing and ReportingSystem (ACARS), and avionics), open networking (avionics interfaces,servers, terminal wireless, network appliances, and core network),maintenance (software loading and maintenance access), cabin and airlineServices (Flight Operational Quality Assurance (FOQA) Data, FA terminalsand crew wireless), Network File Servers (NFS), Mass Storage Devices(MSDs), Crew Wireless LAN Units (CWLUs), and Passengers (in-flightentertainment (IFE), Wi-Fi, and cell phones).

A database server 216 is communicatively coupled to a database 220 thatstores data. In one embodiment, database 220 is a database that includescommunication protocols, aircraft, cybersecurity threats, and historicaldata. In the example embodiment, database 220 is stored remotely fromSCM server 212. In some embodiments, database 220 is decentralized. Inthe example embodiment, a person can access database 220 via clientsystems 214 or remote computer device 222 by logging onto SCM server212.

In the example embodiment, SCM server 212 is communicatively coupledwith a plurality of aircraft 102, 104, and 106 and remote computerdevices 222. SCM server 212 acts as a gateway between the plurality ofaircraft and remote computer devices 222. In the example embodiment, SCMserver 212 provides secure communication links between aircraft 102,104, and 106 and remote computer devices 222, while also filtering thecommunications to prevent cybersecurity threats. In the exampleembodiment, SCM server 212 establishes secure communication channelswith each of aircraft 102, 104, and 106. The secure communicationchannels are two-way communication channels. In some embodiments, thesecure communication channels transmit and receive encrypted data. Insome further embodiments, the secure communication channels requireauthentication information to be included in communications. Securecommunication channels may be secured in other methods to allow thesystems and methods described herein to function. In some embodiments,SCM server 212 is similar to ground-based computer systems, such asground controller 108 (shown in FIG. 1). In some embodiments, SCM server212 includes a plurality of computer systems in a network to allow thesystems and methods to work as described herein.

SCM server 212 is also in communication with remote computer devices222. In some embodiments, remote computer device 222 is user computerdevice 114, shown in FIG. 1. In the example embodiment, remote computerdevice 222 is configured to communicate with at least one of aircraft102, 104, and 106 through SCM server 212. Remote computer device 222 isconfigured to communicate with SCM server 212 via using the Internet. Insome embodiments, remote computer devices 222 are communicativelycoupled to the Internet through many interfaces including, but notlimited to, at least one of a network, such as the Internet, a LAN, aWAN, or an integrated services digital network (ISDN), adial-up-connection, a digital subscriber line (DSL), a cellular phoneconnection, a satellite connection, and a cable modem. Remote computerdevice 222 can be any device capable of accessing a network, such as theInternet, including, but not limited to, a desktop computer, a laptopcomputer, a personal digital assistant (PDA), a cellular phone, asmartphone, a tablet, a phablet, or other web-based connectableequipment.

In the example embodiment, remote computer device 222 is associated withthe plurality of aircraft. For example, remote computer device 222 isassociated with the airline associated with the plurality of aircraft.In other embodiments, remote computer device 222 is just incommunication with the plurality of aircraft, such as a weatherinformation computer device. In other embodiments, remote computerdevice 222 is not associated with an aircraft, but instead associatedwith any computer network of networked computer devices that operate asdescribed herein. For example, remote computer device 222 may beassociated with an airline, a maintenance crew, a weather informationsystem, an internet provider, a navigation system, a flight controlsystem, and/or one or more other systems that need to communicate withan aircraft for its proper and reliable operation.

FIG. 3 illustrates an example configuration of client system 214 shownin FIG. 2, in accordance with one embodiment of the present disclosure.User computer device 302 is operated by a user 301. User computer device302 may include, but is not limited to, client systems 214 (shown inFIG. 2), user computer device 114 (shown in FIG. 1), and remote computerdevice 222 (shown in FIG. 2). User computer device 302 includes aprocessor 305 for executing instructions. In some embodiments,executable instructions are stored in a memory area 310. Processor 305may include one or more processing units (e.g., in a multi-coreconfiguration). Memory area 310 is any device allowing information suchas executable instructions and/or transaction data to be stored andretrieved. Memory area 310 may include one or more computer readablemedia.

User computer device 302 also includes at least one media outputcomponent 315 for presenting information to user 301. Media outputcomponent 315 is any component capable of conveying information to user301. In some embodiments, media output component 315 includes an outputadapter (not shown) such as a video adapter and/or an audio adapter. Anoutput adapter is operatively coupled to processor 305 and operativelycoupleable to an output device such as a display device (e.g., a cathoderay tube (CRT), liquid crystal display (LCD), light emitting diode (LED)display, or “electronic ink” display) or an audio output device (e.g., aspeaker or headphones). In some embodiments, media output component 315is configured to present a graphical user interface (e.g., a web browserand/or a client application) to user 301. A graphical user interface mayinclude, for example, an online store interface for viewing and/orpurchasing items, and/or a wallet application for managing paymentinformation. In some embodiments, user computer device 302 includes aninput device 320 for receiving input from user 301. User 301 may useinput device 320 to, without limitation, select and/or enter one or moreitems to purchase and/or a purchase request, or to access credentialinformation, and/or payment information. Input device 320 may include,for example, a keyboard, a pointing device, a mouse, a stylus, a touchsensitive panel (e.g., a touch pad or a touch screen), a gyroscope, anaccelerometer, a position detector, a biometric input device, and/or anaudio input device. A single component such as a touch screen mayfunction as both an output device of media output component 315 andinput device 320.

User computer device 302 may also include a communication interface 325,communicatively coupled to a remote device such as SCM server 212 (shownin FIG. 2). Communication interface 325 may also be in communicationwith a control system (not shown) of an aircraft, such as aircraft 102shown in FIG. 1, where user computer device 302 provides instructions toand receives data from the control system. Communication interface 325may include, for example, a wired or wireless network adapter and/or awireless data transceiver for use with a mobile telecommunicationsnetwork.

Stored in memory area 310 are, for example, computer readableinstructions for providing a user interface to user 301 via media outputcomponent 315 and, optionally, receiving and processing input from inputdevice 320. A user interface may include, among other possibilities, aweb browser and/or a client application. Web browsers enable users, suchas user 301, to display and interact with media and other informationtypically embedded on a web page or a website from SCM server 212. Aclient application allows user 301 to interact with, for example, SCMserver 212. For example, instructions may be stored by a cloud service,and the output of the execution of the instructions sent to the mediaoutput component 315.

Processor 305 executes computer-executable instructions for implementingaspects of the disclosure. In some embodiments, the processor 305 istransformed into a special purpose microprocessor by executingcomputer-executable instructions or by otherwise being programmed.

FIG. 4 illustrates an example configuration of the server system 212shown in FIG. 2, in accordance with one embodiment of the presentdisclosure. Server computer device 401 may include, but is not limitedto, database server 216, SCM server 212, remote computer device 222 (allshown in FIG. 2), ground controller 108, and user computer device 114(both shown in FIG. 1). Server computer device 401 also includes aprocessor 405 for executing instructions. Instructions may be stored ina memory area 410. Processor 405 may include one or more processingunits (e.g., in a multi-core configuration).

Processor 405 is operatively coupled to a communication interface 415such that server computer device 401 is capable of communicating with aremote device such as another server computer device 401, another SCMserver 212, remote computer device 222, or client system 214 (shown inFIG. 2). For example, communication interface 415 may receive requestsfrom remote computer device 222 via the Internet, as illustrated in FIG.2.

Processor 405 may also be operatively coupled to a storage device 434.Storage device 434 is any computer-operated hardware suitable forstoring and/or retrieving data, such as, but not limited to, dataassociated with database 220 (shown in FIG. 2). In some embodiments,storage device 434 is integrated in server computer device 401. Forexample, server computer device 401 may include one or more hard diskdrives as storage device 434. In other embodiments, storage device 434is external to server computer device 401 and may be accessed by aplurality of server computer devices 401. For example, storage device434 may include a storage area network (SAN), a network attached storage(NAS) system, and/or multiple storage units such as hard disks and/orsolid state disks in a redundant array of inexpensive disks (RAID)configuration.

In some embodiments, processor 405 is operatively coupled to storagedevice 434 via a storage interface 420. Storage interface 420 is anycomponent capable of providing processor 405 with access to storagedevice 434. Storage interface 420 may include, for example, an AdvancedTechnology Attachment (ATA) adapter, a Serial ATA (SATA) adapter, aSmall Computer System Interface (SCSI) adapter, a RAID controller, a SANadapter, a network adapter, and/or any component providing processor 405with access to storage device 434.

Processor 405 executes computer-executable instructions for implementingaspects of the disclosure. In some embodiments, the processor 405 istransformed into a special purpose microprocessor by executingcomputer-executable instructions or by otherwise being programmed. Forexample, the processor 405 is programmed with the instruction such asillustrated in FIG. 5.

FIG. 5 is a flowchart illustrating an example of a process 500 ofproviding secure data connections in aviation environment 100 (shown inFIG. 1) using system 200 shown in FIG. 2. Process 500 may be implementedby a computing device, for example SCM server 212 (shown in FIG. 2).

In the example embodiment, SCM server 212 receives 505 a data messagedestined for a first aircraft 102. In the example embodiment, the datamessage includes one or more packets. The data message is received 505from a remote computer device 222 (shown in FIG. 2), such as usercomputer device 114 (shown in FIG. 1). In some embodiments, the datamessage is information for first aircraft 102, such as navigationalinformation and/or weather information. In other embodiments, the datamessage is requested information or ongoing communication with one ormore occupants of first aircraft 102, such as through an in-flightInternet service.

In the example embodiment, SCM server 212 analyzes 510 the data messagefor potential cybersecurity threats. SCM server 212 compares the datamessage to known cybersecurity threats. In some embodiments, SCM server212 analyzes 510 the payload of the data message. And in some furtherembodiments, SCM server 212 combines and/or reassembles multiple packetsto analyze. In some embodiments, SCM server 212 analyzes 510 bycomparing the data message to one or more known cybersecurity threats,whose identifiers are stored in database 220.

If the analysis is that the first data message does not contain acybersecurity threat, SCM server 212 converts 515 the data message intoa data format associated with first aircraft 102. In the exampleembodiment, different models of aircraft 102, 104, and 106 communicatevia different communication protocols and may require the data messageto be in different data formats for the different communicationprotocols. In addition, different services, such as, but not limited to,navigation, weather conditions, in-flight Internet, and othercommunications, require different data formats or communicationprotocols between ground based systems, such as SCM server 212 and thedestination aircraft 102. In the example embodiments, SCM server 212transmits 520 the converted data message to first aircraft 102 using afirst communication protocol associated with first aircraft 102.

In the example embodiment, SCM server 212 facilitates two-waycommunication between first aircraft 102 and remote computer device 222.In this embodiment, SCM server 212 receives data messages from firstaircraft 102 to be transmitted to remote computer device 222. SCM server212 analyzes the received data message for potential cybersecuritythreats. If the determination is that the data message does not containa cybersecurity threat, SCM server 212 converts the data message intothe standardized data format and transmits the converted data message toremote computer device 222.

In some embodiments, SCM server 212 receives a data message to betransmitted to multiple aircraft, such as weather information. SCMserver 212 converts the data message into a first data message for firstaircraft 102 and a second data message for second aircraft 104, beforetransmitting the corresponding message to the corresponding aircraft. Insome embodiments, first aircraft 102 and second aircraft 104 communicatewith SCM server 212 using different communication protocols. In someembodiments, the first data message for first aircraft 102 and seconddata message for second aircraft 104 have different formats. In someembodiments, first aircraft 102 is associated with a first airline andsecond aircraft 104 is associated with a second airline. Thesedifferences may be due to difference between the models and/or systemsof first aircraft 102 and second aircraft 104. In other embodiments,first aircraft 102 and second aircraft 104 may be flying in differentgeographic regions and those regions may have different communicationrequirements. Further embodiments, may change the communication protocoldue to the location of transceivers on the ground that SCM server 212may use to communicate with first aircraft 102 and second aircraft 104.

In some embodiments, SCM server 212 stores the communication protocolsassociated with each aircraft in database 220 (shown in FIG. 2). WhenSCM server 212 receives 505 a message to transmit to the aircraft 102,SCM server 212 uses database 220 to determine the format andcommunication protocol associated with that aircraft 102.

In some embodiments, if SCM server 212 detects a potential cybersecuritythreat in a communication, SCM server 212 quarantines the communication.In some embodiments, SCM server 212 may raise an alarm, alert thetransmitter of the potential cybersecurity threat, and/or clean thecommunication before transmitting the cleansed communication to itsdestination. SCM server 212 may also isolate the source of thecommunication to prevent further communication. SCM computer device 212may log infected files for future analysis. In some embodiments, SCMcomputer device 212 may use trending to statistically identify threatvectors, so responses can be moved from long term analytical responsesto real time responses, based on experience.

In some embodiments, when aircraft 106 lands, aircraft 106 transmits aplurality of operational data about aircraft 106. For example, aircraft106 may connect to a computer system at gate 110 (shown in FIG. 1) andtransmit the plurality of operational data to the connected computersystem. In these embodiments, the operational data includes informationabout one or more flights of aircraft 106. The plurality of operationaldata may be transmitted to remote computer device 222 for later use bythe airline or for use by one or maintenance crews to performmaintenance on aircraft 106. Before transmission the plurality ofoperational data is analyzed by SCM server 212 for potentialcybersecurity threats. In these embodiments, SCM server 212 receives theplurality of operational data from aircraft 106 for transmission to theairline or the maintenance crews. In some further embodiments, SCMserver 212 receives a plurality of maintenance data from multipleaircraft 102, 104, and 106, and stores the plurality of maintenance datafrom multiple aircraft 102, 104, and 106. SCM server 212 may use thisstored data to determine one or trends. Trends may include, but are notlimited to, fuel burn which could indicate fuel impurities that could beisolated to an airport, country or fuel company; specific regions thatmay be associated with malicious cyber activity; specific times that maybe associated with malicious or disruptive cyber activity; specificattacks on specific Air Navigation Service Providers (ANSP) includingthe FAA; specific airlines that have been the target of focused hackingefforts or denial of service attacks; and specific aircraft that havebeen the target of focused hacking efforts or denial of service. Thetrend data may be transmitted to remote computer device 222.

FIG. 6 is a diagram 600 of components of one or more example computingdevices that may be used in the system 200 shown in FIG. 2. In someembodiments, computing device 610 is similar to SCM server 212 (shown inFIG. 2). Database 620 may be coupled with several separate componentswithin computing device 610, which perform specific tasks. In thisembodiment, database 620 includes communication protocols 622, aircraft624, cybersecurity threats 626, and historical data 628. In someembodiments, database 620 is similar to database 220 (shown in FIG. 2).

Computing device 610 includes the database 620, as well as data storagedevices 630. Computing device 610 also includes a communicationcomponent 640 for receiving 505 a first data message and transmitting520 the converted first data message (both shown in FIG. 5). Computingdevice 610 also includes an analyzing component 650 for analyzing 510the first data message (shown in FIG. 5). Computer device 610 furtherincludes a conversion component 660 for converting 515 the first datamessage (shown in FIG. 5). A processing component 670 assists withexecution of computer-executable instructions associated with thesystem.

As used herein, the term “non-transitory computer-readable media” isintended to be representative of any tangible computer-based deviceimplemented in any method or technology for short-term and long-termstorage of information, such as, computer-readable instructions, datastructures, program modules and sub-modules, or other data in anydevice. Therefore, the methods described herein may be encoded asexecutable instructions embodied in a tangible, non-transitory, computerreadable medium, including, without limitation, a storage device and/ora memory device. Such instructions, when executed by a processor, causethe processor to perform at least a portion of the methods describedherein. Moreover, as used herein, the term “non-transitorycomputer-readable media” includes all tangible, computer-readable media,including, without limitation, non-transitory computer storage devices,including, without limitation, volatile and nonvolatile media, andremovable and non-removable media such as a firmware, physical andvirtual storage, CD-ROMs, DVDs, and any other digital source such as anetwork or the Internet, as well as yet to be developed digital means,with the sole exception being a transitory, propagating signal.

As described above, the implementations described herein relate tosystems and methods for providing secure data connections in an aviationenvironment and, more specifically, to managing data connections betweenground-based computer networks and a plurality of aircraft. Morespecifically, a secure communication monitoring (“SCM”) computer deviceprovides a communication interface between a plurality of aircraft andground-based computer systems. The SCM computer device monitorscommunications between the plurality of aircraft and the ground-basedcomputer systems for cybersecurity threats, provides securecommunication channels between the plurality of aircraft and theground-based systems, and routes messages between the ground-basedsystems and the plurality of aircraft using a plurality of communicationprotocols corresponding to the plurality of aircraft.

The above-described methods and systems for providing secure dataconnections in an aviation environment are cost-effective, secure, andhighly reliable. The methods and systems include routing through theabove-mentioned SCM computer device to increase the accuracy of thetransmitted information, reduce the number of systems that interact withaviation-based computer systems, provide for a reduces number ofcomputer systems that require cybersecurity upgrades, and greatlyincrease the security of information transmitted to and from aircraft.Accordingly, the methods and systems facilitate secure communications inan aviation environment in a cost-effective and reliable manner.

This written description uses examples to disclose variousimplementations, including the best mode, and also to enable any personskilled in the art to practice the various implementations, includingmaking and using any devices or systems and performing any incorporatedmethods. The patentable scope of the disclosure is defined by theclaims, and may include other examples that occur to those skilled inthe art. Such other examples are intended to be within the scope of theclaims if they have structural elements that do not differ from theliteral language of the claims, or if they include equivalent structuralelements with insubstantial differences from the literal language of theclaims.

What is claimed is:
 1. A secure communication management (SCM) computerdevice for providing secure data connections to a plurality of aircraft,the SCM computer device comprising a processor in communication with amemory and at least a first aircraft and a second aircraft of theplurality of aircraft, wherein the first aircraft is located in a firstgeographic region and the second aircraft is located in a secondgeographic region, wherein the first geographic region and the secondgeographic region are different, wherein the SCM computer device isground-based, and where the processor is programmed to: receive, from auser computer device, a first data message for the first aircraft andthe second aircraft of the plurality of aircraft; analyze the first datamessage for potential cybersecurity threats by comparing the first datamessage to known cybersecurity threats; if the first data message doesnot contain a cybersecurity threat, the processor is programmed to:transmit the first data message to the first aircraft using a firstcommunication protocol associated with the first aircraft; and transmitthe first data message to the second aircraft using a secondcommunication protocol associated with the second aircraft, wherein thefirst communication protocol and the second communication protocol aredifferent; receive a second data message from the first aircraft;analyze the second data message for potential cybersecurity threats; ifthe second data message does not contain a cybersecurity threat, theprocessor is programmed to: convert the second data message into astandardized data format associated with the user computer device; andtransmit the converted second data message to the user computer device.2. The SCM computer device in accordance with claim 1, wherein theprocessor is further programmed to analyze the first data message forpotential cybersecurity threats by comparing the first data message toone or more databases containing a plurality of known cybersecuritythreats.
 3. The SCM computer device in accordance with claim 1, whereinthe processor is further programmed to quarantine the first data messageif the first data message contains a cybersecurity threat.
 4. The SCMcomputer device in accordance with claim 1, wherein the first aircraftis associated with a first airline and wherein the second aircraft isassociated with a second airline.
 5. The SCM computer device inaccordance with claim 1, wherein the processor is further programmed toconvert the first data message into a first data format associated withthe first aircraft and into a second data format associated with thesecond aircraft.
 6. The SCM computer device in accordance with claim 1,wherein the processor is further programmed to determine a communicationprotocol and data format associated with the corresponding aircraft. 7.The SCM computer device in accordance with claim 1, wherein theprocessor is further programmed to: receive a plurality of data from aplurality of aircraft; analyze the plurality of data to determine one ormore trends; and transmit the determined one or more trends to the usercomputer device.
 8. The SCM computer device in accordance with claim 1,wherein the processor is further programmed to: receive a plurality ofdata from the first aircraft where the first aircraft is at a gate;analyze the plurality of data for potential cybersecurity threats; ifthe determination is that the plurality of data does not contain anycybersecurity threats, convert the plurality of data into a standardizeddata format associated with the user computer device; and transmit theconverted plurality of data to the user computer device.
 9. The SCMcomputer device in accordance with claim 8, wherein the plurality ofdata includes one or more operating conditions of the correspondingaircraft.
 10. The SCM computer device in accordance with claim 1,wherein the first aircraft is in flight.
 11. The SCM computer device inaccordance with claim 1, wherein the user computer device is associatedwith at least one of an airline associated with the first aircraft andat least one maintenance system associated with the first aircraft. 12.A secure communication management (SCM) computer device for providingsecure data connections to a plurality of aircraft, the SCM computerdevice comprising a processor in communication with a memory and atleast a first aircraft of the plurality of aircraft, wherein the SCMcomputer device is ground-based, and where the processor is programmedto: receive a first data message for the first aircraft and a secondaircraft of the plurality of aircraft; analyze the first data messagefor potential cybersecurity threats by comparing the first data messageto known cybersecurity threats; if the first data message does notcontain a cybersecurity threat, the processor is programmed to: transmitthe first data message to the first aircraft using a first communicationprotocol associated with the first aircraft; and transmit the first datamessage to the second aircraft using a second communication protocolassociated with the second aircraft; receive a second data message fromthe first aircraft; analyze the second data message for potentialcybersecurity threats; if the second data message does not contain acybersecurity threat, the processor is programmed to: convert the seconddata message into a standardized data format; and transmit the convertedsecond data message to a ground-based user computer device.
 13. The SCMcomputer device in accordance with claim 12, wherein the processor isfurther programmed to: convert the first data message into a first dataformat associated with the first aircraft; and convert the first datamessage into a second data format associated with the second aircraft.14. The SCM computer device in accordance with claim 12, wherein theprocessor is further programmed to: convert the first data message intoa second data format associated with the second aircraft, wherein thefirst aircraft is located in a first geographic region and the secondaircraft is located in a second geographic region, wherein the firstgeographic region and the second geographic region are different. 15.The SCM computer device in accordance with claim 12, wherein theprocessor is further programmed to analyze the first data message forpotential cybersecurity threats by comparing the first data message toone or more databases containing a plurality of known cybersecuritythreats.
 16. The SCM computer device in accordance with claim 15,wherein the processor is further programmed to quarantine the first datamessage if the first data message contains a cybersecurity threat.
 17. Asystem for providing secure data connections in an aviation environment,the system comprising: a first aircraft including at least one computersystem that communicates via a first communication protocol; a secondaircraft including at least one computer system that communicates via asecond communication protocol, wherein the first communication protocolis different from the second communication protocol, wherein the firstaircraft is located in a first geographic region and the second aircraftis located in a second geographic region, wherein the first geographicregion and the second geographic region are different; and a securecommunication management (SCM) computer device comprising a processor incommunication with a memory, wherein the SCM computer device is remotefrom the first aircraft and the second aircraft, and wherein the SCMcomputer device is ground-based, the SCM computer device programmed to:receive, from a user computer device, a first data message for the firstaircraft and the second aircraft; analyze the first data message forpotential cybersecurity threats by comparing the first data message toknown cybersecurity threats; if the first data message does not containa cybersecurity threat, the SCM computer device programmed to: transmitthe first data message to the first aircraft using a first communicationprotocol associated with the first aircraft; and transmit the first datamessage to the second aircraft using a second communication protocolassociated with the second aircraft, wherein the first communicationprotocol and the second communication protocol are different; receive asecond data message from the first aircraft; analyze the second datamessage for potential cybersecurity threats; if the determination isthat the second data message does not contain a cybersecurity threat,convert the second data message into a standardized data formatassociated with the user computer device; and transmit the convertedsecond data message to the user computer device.
 18. The system inaccordance with claim 17, wherein the SCM computer device is furtherprogrammed to: analyze the first data message for potentialcybersecurity threats; and quarantine the first data message if thefirst data message contains a cybersecurity threat.